ID

VAR-202005-0093


CVE

CVE-2020-10971


TITLE

Input validation vulnerabilities in multiple Wavlink devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-005325

DESCRIPTION

An issue was discovered on Wavlink Jetstream devices where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time. The POST request itself is not validated to ensure it came from the active session. Affected devices are: Wavlink WN530HG4, Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531G3, Wavlink WN533A8, Wavlink WN531A6, Wavlink WN551K1, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, WN572HG3, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000. Wavlink WL-WN579G3, WL-WN575A3, and WL-WN530HG4 devices contain an input validation vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. An issue exists on Wavlink WL-WN579G3 M79X3.V5030.180719, WL-WN575A3 RPT75A3.V4300.180801, and WL-WN530HG4 M30HG4.V5030.191116 devices

Trust: 1.71

sources: NVD: CVE-2020-10971 // JVNDB: JVNDB-2020-005325 // VULMON: CVE-2020-10971

AFFECTED PRODUCTS

vendor: wavlink, model: wl-wn530hg4, scope: eq, version: m30hg4.v5030.191116

Trust: 1.8

vendor: wavlink, model: wl-wn579g3, scope: eq, version: m79x3.v5030.180719

Trust: 1.8

vendor: wavlink, model: wl-wn575a3, scope: eq, version: rpt75a3.v4300.180801

Trust: 1.0

vendor: wavlink, model: wl-wn575a3, scope: eq, version: m30hg4.v5030.191116

Trust: 0.8

sources: JVNDB: JVNDB-2020-005325 // NVD: CVE-2020-10971

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-10971
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-005325
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202005-271
value: HIGH

Trust: 0.6

VULMON: CVE-2020-10971
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-10971
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005325
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2020-10971
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-005325
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-10971 // JVNDB: JVNDB-2020-005325 // CNNVD: CNNVD-202005-271 // NVD: CVE-2020-10971

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2020-005325 // NVD: CVE-2020-10971

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-271

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202005-271

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005325

PATCH

title: Top Page, url: https://www.wavlink.com/en_us/index.html

Trust: 0.8

title: CVE, url: https://github.com/sudo-jtcsec/CVE

Trust: 0.1

sources: VULMON: CVE-2020-10971 // JVNDB: JVNDB-2020-005325

EXTERNAL IDS

db: NVD, id: CVE-2020-10971

Trust: 2.5

db: JVNDB, id: JVNDB-2020-005325

Trust: 0.8

db: CNNVD, id: CNNVD-202005-271

Trust: 0.6

db: VULMON, id: CVE-2020-10971

Trust: 0.1

sources: VULMON: CVE-2020-10971 // JVNDB: JVNDB-2020-005325 // CNNVD: CNNVD-202005-271 // NVD: CVE-2020-10971

REFERENCES

url: https://github.com/sudo-jtcsec/cve/blob/master/cve-2020-10971

Trust: 1.9

url: https://github.com/sudo-jtcsec/cve/blob/master/cve-2020-10971-affected_devices

Trust: 1.6

url: https://github.com/roni-carta/nyra

Trust: 1.6

url: https://github.com/sudo-jtcsec/nyra

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2020-10971

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10971

Trust: 0.8

url: https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://github.com/sudo-jtcsec/cve

Trust: 0.1

sources: VULMON: CVE-2020-10971 // JVNDB: JVNDB-2020-005325 // CNNVD: CNNVD-202005-271 // NVD: CVE-2020-10971

SOURCES

db: VULMON, id: CVE-2020-10971
db: JVNDB, id: JVNDB-2020-005325
db: CNNVD, id: CNNVD-202005-271
db: NVD, id: CVE-2020-10971

LAST UPDATE DATE

2024-11-23T23:01:23.282000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2020-10971, date: 2020-12-04T00:00:00
db: JVNDB, id: JVNDB-2020-005325, date: 2020-06-11T00:00:00
db: CNNVD, id: CNNVD-202005-271, date: 2020-12-07T00:00:00
db: NVD, id: CVE-2020-10971, date: 2024-11-21T04:56:29.123

SOURCES RELEASE DATE

db: VULMON, id: CVE-2020-10971, date: 2020-05-07T00:00:00
db: JVNDB, id: JVNDB-2020-005325, date: 2020-06-11T00:00:00
db: CNNVD, id: CNNVD-202005-271, date: 2020-05-07T00:00:00
db: NVD, id: CVE-2020-10971, date: 2020-05-07T18:15:11.227